On 18-Dec-2001 TD - Sales International Holland B.V. wrote:
> Hey there,
>
> I was once told I need to use addslashes and stripslashes on data I get from
> the web and insert into the database. I'd like to know why?!?! See I know
> that with other languages you could use special chars to hack/crack the
> database, but even without add/strip slashes I can't seem to manage.... I
> have a text field I inserted into the database and I entered stuff like
> this:
> ~!@#$%^&*()_+~!@#$%^&*()_+|\\||\[]{};:'".>,</?
> since quotes n stuff aren't nicely closed now I'd expect an error if this
> was
> crack/hackable however it just inserts fine without any problems whatsoever.
> I'm using PHP 4.0.6 and MySQL 4.23.43 (I think haven't checked...) Also when
> I go to the page where the data is retrieved from the database and put in
> HTML I see EXACTLY what I entered. So it doesn't appear to me I'd need these
> add/strip slashes functions. Any comments would be greatly appreciated.
>
Check your 'magic_quotes_gpc', it might explain it.
Regards,
--
Don Read [EMAIL PROTECTED]
-- It is necessary for me to learn from others' mistakes. I
will not live long enough to make them all by myself.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
